On 02.05.2012 05:13, Chris Angelico wrote:

On Wed, May 2, 2012 at 1:09 PM, Senthil Kumaran wrote:

...

Also, I think the instructions in the wiki could be improved. I was not able to su - buildbot after installing through package manager. I shall edit it once I have set it up and running.

The page does say: """... create a new user "buildbot" if it doesn't exist (your package manager might have done it for you)""", but it'd be nice if it could clarify which are known to do it and which are known not to, eg "(the Debian and Red Hat package managers will do this for you)". Or is that too much of a moving target to be worth trying to specify?

I think a buildbot admin should be able to figure out what user the buildbot to run under himself; if that already is a challenge, it might be better if he don't run a build slave. Regards, Martin

That page would probably like a good cleanup. I don't even think creating an user is required - it's just good practice, and you probably want that user to have as few privileges as possible.

That's indeed the motivation. Buildbot slave operators need to recognize that they are opening their machines to execution of arbitrary code, even though this could only be abused by committers. But suppose a committer loses the laptop, which has his SSH key on it, then anybody getting the key could commit malicious code, which then gets executed by all build slaves. Of course, it would be possible to find out whose key has been used (although *not* from the commit message), and revoke that, but the damage might already be done. Regards, Martin P.S. Another attack vector is through the master: if somebody hacks into the machine running the master, they can also compromise all slaves. Of course, we are trying to make it really hard to break into python.org.

On Wed, May 2, 2012 at 1:55 PM, "Martin v. Löwis" wrote:

I'm not sure how useful it is to have a build slave which you can't commit to having for more than 3 months. So I'm -0 on adding this slave, but it is up to Antoine to decide.

I am likely switch to places within 3 months, but I am hoping that having a 24/7 connected system could provide some experience for running a dedicated system in the longer run. Thanks, Senthil

On Wed, 2 May 2012 14:07:09 +0800 Senthil Kumaran wrote:

On Wed, May 2, 2012 at 1:55 PM, "Martin v. Löwis" wrote:

...

I'm not sure how useful it is to have a build slave which you can't commit to having for more than 3 months. So I'm -0 on adding this slave, but it is up to Antoine to decide.

I am likely switch to places within 3 months, but I am hoping that having a 24/7 connected system could provide some experience for running a dedicated system in the longer run.

What are the characteristics of your machine? We already have several Linux x86/x86-64 buildbots... That said, we could also toy with other build options if someone has a request about that. Regards Antoine.

On Thu, 3 May 2012 00:25:05 +0800 Senthil Kumaran wrote:

On Wed, May 2, 2012 at 10:54 PM, Antoine Pitrou wrote:

...

What are the characteristics of your machine? We already have several Linux x86/x86-64 buildbots... That said, we could also toy with other build options if someone has a request about that.

It is not very unique. It is Intel x86 (32 bit) and 1 GB ram. It is running Ubuntu Server edition. Yeah if additional build options (or additional software configuration options) or some alternative coverage could be thought off with current config itself, I could do that.

Daily code coverage builds would be nice, but that's probably beyond what the current infrastructure can offer. It would be nice if someone wants to investigate that. Regards Antoine.

On 04.05.2012 07:21, Senthil Kumaran wrote:

On Thu, May 3, 2012 at 12:46 AM, Antoine Pitrou wrote:

...

Daily code coverage builds would be nice, but that's probably beyond what the current infrastructure can offer. It would be nice if someone wants to investigate that.

Code coverage buildbots would indeed be good. I could give a try on this. What kind of infra changes would be required? I presume, it is the server side that you are referring to.

I think the setup could be similar to the daily DMG builder. If the slave generates a set of HTML files (say), those can be uploaded just fine. However, we don't have any "make coverage" target currently in the makefile. So if you contribute that, we could then have it run daily. Regards, Martin